popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

update.vbs

  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6402 June 16, 2023, 1:53 p.m. June 16, 2023, 1:56 p.m.
Size 707.0B
Type ASCII text, with very long lines, with no line terminators
MD5 92de717394d746b8aa97764201a1eff6
SHA256 1ec868aae3af8b4b9899dedcac504b864e920baa6c075dac5ef102e47cb952f1
CRC32 BAEBD708
ssdeep 12:eJFsF9NuZrATa8YnmwCq0jQNQ0TwK8lx5O4wcQy8I6aYdRjSAkMGyp01oQG5z:OeFGZrAcCqNNQ0TwbnOxvy8If8I5aezs
Yara None matched

Name Response Post-Analysis Lookup
well-story.co.kr
A 183.111.141.93
183.111.141.93
html.gethompy.com
A 112.175.246.91
112.175.246.91
img.fmcity.com
A 112.175.246.145
112.175.246.145
IP Address Status Action
112.175.246.145 Active Moloch
112.175.246.91 Active Moloch
164.124.101.2 Active Moloch
183.111.141.93 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameW

 computer_name: TEST22-PC
1 1 0
request GET http://well-story.co.kr/adm/inc/js/list.php?query=1
request GET http://html.gethompy.com/404.html?id=ZGFoYW53
request GET http://html.gethompy.com/favicon.ico
request GET http://img.fmcity.com/images/reseller/common/tle_info.gif
request GET http://img.fmcity.com/images/reseller/common/img_info.gif
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

 process_identifier: 3048
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02700000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
Symantec ISB.Downloader!gen175
Avast Script:SNH-gen [Trj]
AVG Script:SNH-gen [Trj]